static WERROR cmd_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
WERROR result;
uint32 flags = DS_RETURN_DNS_NAME;
const char *server_name = cli->cli->desthost;
const char *domain_name;
struct GUID domain_guid = GUID_zero();
struct GUID site_guid = GUID_zero();
struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
if (argc < 2) {
fprintf(stderr, "Usage: %s [domainname] [domain_name] [domain_guid] [site_guid] [flags]\n", argv[0]);
return WERR_OK;
}
if (argc >= 2)
domain_name = argv[1];
if (argc >= 3) {
if (!NT_STATUS_IS_OK(GUID_from_string(argv[2], &domain_guid))) {
return WERR_NOMEM;
}
}
if (argc >= 4) {
if (!NT_STATUS_IS_OK(GUID_from_string(argv[3], &site_guid))) {
return WERR_NOMEM;
}
}
if (argc >= 5)
sscanf(argv[4], "%x", &flags);
result = rpccli_netlogon_dsr_getdcname(cli, mem_ctx, server_name, domain_name,
&domain_guid, &site_guid, flags,
&info);
if (W_ERROR_IS_OK(result)) {
d_printf("DsGetDcName gave\n");
display_ds_domain_controller_info(mem_ctx, info);
return WERR_OK;
}
printf("rpccli_netlogon_dsr_getdcname returned %s\n",
dos_errstr(result));
return result;
}
static void unbecomeDC_drsuapi_bind_send(struct libnet_UnbecomeDC_state *s)
{
struct composite_context *c = s->creq;
struct drsuapi_DsBindInfo28 *bind_info28;
struct tevent_req *subreq;
GUID_from_string(DRSUAPI_DS_BIND_GUID, &s->drsuapi.bind_guid);
bind_info28 = &s->drsuapi.local_info28;
bind_info28->supported_extensions = 0;
bind_info28->site_guid = GUID_zero();
bind_info28->pid = 0;
bind_info28->repl_epoch = 0;
s->drsuapi.bind_info_ctr.length = 28;
s->drsuapi.bind_info_ctr.info.info28 = *bind_info28;
s->drsuapi.bind_r.in.bind_guid = &s->drsuapi.bind_guid;
s->drsuapi.bind_r.in.bind_info = &s->drsuapi.bind_info_ctr;
s->drsuapi.bind_r.out.bind_handle = &s->drsuapi.bind_handle;
subreq = dcerpc_drsuapi_DsBind_r_send(s, c->event_ctx,
s->drsuapi.drsuapi_handle,
&s->drsuapi.bind_r);
if (composite_nomem(subreq, c)) return;
tevent_req_set_callback(subreq, unbecomeDC_drsuapi_bind_recv, s);
}
static WERROR cmd_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
WERROR result;
NTSTATUS status;
uint32_t flags = DS_RETURN_DNS_NAME;
const char *server_name = cli->desthost;
const char *domain_name;
const char *site_name = NULL;
struct GUID domain_guid = GUID_zero();
struct netr_DsRGetDCNameInfo *info = NULL;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 2) {
fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
"[site_name] [flags]\n", argv[0]);
return WERR_OK;
}
domain_name = argv[1];
if (argc >= 3) {
if (!NT_STATUS_IS_OK(GUID_from_string(argv[2], &domain_guid))) {
return WERR_NOMEM;
}
}
if (argc >= 4) {
site_name = argv[3];
}
if (argc >= 5) {
sscanf(argv[4], "%x", &flags);
}
debug_dsdcinfo_flags(1,flags);
status = dcerpc_netr_DsRGetDCNameEx(b, mem_ctx,
server_name,
domain_name,
&domain_guid,
site_name,
flags,
&info,
&result);
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
}
if (!W_ERROR_IS_OK(result)) {
return result;
}
d_printf("DsRGetDCNameEx gave %s\n",
NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
return result;
}
static WERROR dreplsrv_connect_samdb(struct dreplsrv_service *service, struct loadparm_context *lp_ctx)
{
const struct GUID *ntds_guid;
struct drsuapi_DsBindInfo28 *bind_info28;
service->samdb = samdb_connect(service, service->task->event_ctx, lp_ctx, service->system_session_info);
if (!service->samdb) {
return WERR_DS_UNAVAILABLE;
}
ntds_guid = samdb_ntds_objectGUID(service->samdb);
if (!ntds_guid) {
return WERR_DS_UNAVAILABLE;
}
service->ntds_guid = *ntds_guid;
bind_info28 = &service->bind_info28;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_00100000;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
#if 0 /* we don't support XPRESS compression yet */
bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
#endif
/* TODO: fill in site_guid */
bind_info28->site_guid = GUID_zero();
/* TODO: find out how this is really triggered! */
bind_info28->pid = 0;
bind_info28->repl_epoch = 0;
return WERR_OK;
}
static enum MAPISTATUS get_MailboxGuid(struct openchangedb_context *self,
const char *recipient,
struct GUID *MailboxGUID)
{
functions_called.get_MailboxGuid++;
*MailboxGUID = GUID_zero();
return MAPI_E_SUCCESS;
}
static enum MAPISTATUS get_MailboxReplica(struct openchangedb_context *self,
const char *recipient, uint16_t *ReplID,
struct GUID *ReplGUID)
{
functions_called.get_MailboxReplica++;
*ReplID = 0x03;
*ReplGUID = GUID_zero();
return MAPI_E_SUCCESS;
}
} END_TEST
START_TEST(test_call_get_MailboxGuid) {
struct GUID local_guid = GUID_zero();
struct GUID MailboxGUID;
CHECK_SUCCESS(openchangedb_get_MailboxGuid(oc_ctx, "recipient", &MailboxGUID));
ck_assert_int_eq(functions_called.get_MailboxGuid, 1);
ck_assert(GUID_equal(&MailboxGUID, &local_guid));
} END_TEST
} END_TEST
START_TEST(test_call_replica_mapping_replid_to_guid) {
struct GUID *guid;
struct GUID local_guid = GUID_zero();
guid = talloc_zero(mem_ctx, struct GUID);
CHECK_SUCCESS(openchangedb_replica_mapping_replid_to_guid(oc_ctx, "recipient",
0x03, guid));
talloc_free(guid);
ck_assert_int_eq(functions_called.replid_to_guid, 1);
ck_assert(GUID_equal(guid, &local_guid));
} END_TEST
} END_TEST
START_TEST(test_call_get_MailboxReplica) {
uint16_t ReplID;
struct GUID local_guid = GUID_zero();
struct GUID ReplGUID;
CHECK_SUCCESS(openchangedb_get_MailboxReplica(oc_ctx, "recipient", &ReplID, &ReplGUID));
ck_assert_int_eq(functions_called.get_MailboxReplica, 1);
ck_assert_int_eq(ReplID, 0x03);
ck_assert(GUID_equal(&ReplGUID, &local_guid));
} END_TEST
/**
\details exchange_nsp NspiUnbind (0x1) function, Terminates a NSPI
session with the client
\param dce_call pointer to the session context
\param mem_ctx pointer to the memory context
\param r pointer to the NspiUnbind call structure
*/
static void dcesrv_NspiUnbind(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct NspiUnbind *r)
{
struct dcesrv_handle *h;
struct exchange_nsp_session *session;
bool ret;
DEBUG(5, ("exchange_nsp: NspiUnbind (0x1)\n"));
/* Step 0. Ensure incoming user is authenticated */
if (!dcesrv_call_authenticated(dce_call)) {
DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
DCESRV_NSP_RETURN(r, MAPI_E_LOGON_FAILED, NULL);
}
/* Step 1. Retrieve handle and free if emsabp context and session are available */
h = dcesrv_handle_fetch(dce_call->context, r->in.handle, DCESRV_HANDLE_ANY);
if (h) {
session = dcesrv_find_nsp_session(&r->in.handle->uuid);
if (session) {
ret = mpm_session_release(session->session);
if (ret == true) {
DLIST_REMOVE(nsp_session, session);
DEBUG(5, ("[%s:%d]: Session found and released\n",
__FUNCTION__, __LINE__));
} else {
DEBUG(5, ("[%s:%d]: Session found and ref_count decreased\n",
__FUNCTION__, __LINE__));
}
}
else {
DEBUG(5, (" nsp_session NOT found\n"));
}
}
r->out.handle->uuid = GUID_zero();
r->out.handle->handle_type = 0;
r->out.result = (enum MAPISTATUS) 1;
DCESRV_NSP_RETURN(r, 1, NULL);
}
static struct DsGetinfoTest *test_create_context(struct torture_context *tctx)
{
NTSTATUS status;
struct DsGetinfoTest *ctx;
struct drsuapi_DsBindInfo28 *our_bind_info28;
struct drsuapi_DsBindInfoCtr *our_bind_info_ctr;
const char *binding = torture_setting_string(tctx, "binding", NULL);
ctx = talloc_zero(tctx, struct DsGetinfoTest);
if (!ctx) return NULL;
status = dcerpc_parse_binding(ctx, binding, &ctx->drsuapi_binding);
if (!NT_STATUS_IS_OK(status)) {
printf("Bad binding string %s\n", binding);
return NULL;
}
ctx->drsuapi_binding->flags |= DCERPC_SIGN | DCERPC_SEAL;
/* ctx->admin ...*/
ctx->admin.credentials = cmdline_credentials;
our_bind_info28 = &ctx->admin.drsuapi.our_bind_info28;
our_bind_info28->supported_extensions = 0xFFFFFFFF;
our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
our_bind_info28->site_guid = GUID_zero();
our_bind_info28->pid = 0;
our_bind_info28->repl_epoch = 1;
our_bind_info_ctr = &ctx->admin.drsuapi.our_bind_info_ctr;
our_bind_info_ctr->length = 28;
our_bind_info_ctr->info.info28 = *our_bind_info28;
GUID_from_string(DRSUAPI_DS_BIND_GUID, &ctx->admin.drsuapi.bind_guid);
ctx->admin.drsuapi.req.in.bind_guid = &ctx->admin.drsuapi.bind_guid;
ctx->admin.drsuapi.req.in.bind_info = our_bind_info_ctr;
ctx->admin.drsuapi.req.out.bind_handle = &ctx->admin.drsuapi.bind_handle;
return ctx;
}
static void unbecomeDC_drsuapi_bind_send(struct libnet_UnbecomeDC_state *s)
{
struct composite_context *c = s->creq;
struct rpc_request *req;
struct drsuapi_DsBindInfo28 *bind_info28;
GUID_from_string(DRSUAPI_DS_BIND_GUID, &s->drsuapi.bind_guid);
bind_info28 = &s->drsuapi.local_info28;
bind_info28->supported_extensions = 0;
bind_info28->site_guid = GUID_zero();
bind_info28->pid = 0;
bind_info28->repl_epoch = 0;
s->drsuapi.bind_info_ctr.length = 28;
s->drsuapi.bind_info_ctr.info.info28 = *bind_info28;
s->drsuapi.bind_r.in.bind_guid = &s->drsuapi.bind_guid;
s->drsuapi.bind_r.in.bind_info = &s->drsuapi.bind_info_ctr;
s->drsuapi.bind_r.out.bind_handle = &s->drsuapi.bind_handle;
req = dcerpc_drsuapi_DsBind_send(s->drsuapi.pipe, s, &s->drsuapi.bind_r);
composite_continue_rpc(c, req, unbecomeDC_drsuapi_bind_recv, s);
}
static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
struct security_acl *acl,
bool is_container,
struct dom_sid *owner,
struct dom_sid *group,
struct GUID *object_list)
{
uint32_t i;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_acl *tmp_acl = talloc_zero(mem_ctx, struct security_acl);
if (!tmp_acl) {
return NULL;
}
if (!acl) {
return NULL;
}
for (i=0; i < acl->num_aces; i++) {
struct security_ace *ace = &acl->aces[i];
if ((ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) ||
(ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
struct GUID inherited_object = GUID_zero();
tmp_acl->aces = talloc_realloc(tmp_acl, tmp_acl->aces,
struct security_ace,
tmp_acl->num_aces+1);
if (tmp_acl->aces == NULL) {
talloc_free(tmp_ctx);
return NULL;
}
tmp_acl->aces[tmp_acl->num_aces] = *ace;
tmp_acl->aces[tmp_acl->num_aces].flags |= SEC_ACE_FLAG_INHERITED_ACE;
/* remove IO flag from the child's ace */
if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY &&
!desc_ace_has_generic(tmp_ctx, ace)) {
tmp_acl->aces[tmp_acl->num_aces].flags &= ~SEC_ACE_FLAG_INHERIT_ONLY;
}
if (is_container && (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT))
tmp_acl->aces[tmp_acl->num_aces].flags |= SEC_ACE_FLAG_INHERIT_ONLY;
switch (ace->type) {
case SEC_ACE_TYPE_ACCESS_ALLOWED:
case SEC_ACE_TYPE_ACCESS_DENIED:
case SEC_ACE_TYPE_SYSTEM_AUDIT:
case SEC_ACE_TYPE_SYSTEM_ALARM:
case SEC_ACE_TYPE_ALLOWED_COMPOUND:
break;
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
inherited_object = ace->object.object.inherited_type.inherited_type;
}
if (!object_in_list(object_list, &inherited_object)) {
tmp_acl->aces[tmp_acl->num_aces].flags |= SEC_ACE_FLAG_INHERIT_ONLY;
}
break;
}
tmp_acl->num_aces++;
if (is_container) {
if (!(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) &&
(desc_ace_has_generic(tmp_ctx, ace))) {
tmp_acl->aces = talloc_realloc(tmp_acl,
tmp_acl->aces,
struct security_ace,
tmp_acl->num_aces+1);
if (tmp_acl->aces == NULL) {
talloc_free(tmp_ctx);
return NULL;
}
tmp_acl->aces[tmp_acl->num_aces] = *ace;
desc_expand_generic(tmp_ctx,
&tmp_acl->aces[tmp_acl->num_aces],
owner,
group);
tmp_acl->aces[tmp_acl->num_aces].flags = SEC_ACE_FLAG_INHERITED_ACE;
tmp_acl->num_aces++;
}
}
}
}
/**
\details exchange_nsp NspiBind (0x0) function, Initiates a NSPI
session with the client.
This function checks if the user is an Exchange user and input
parameters like codepage are valid. If it passes the tests, the
function initializes an emsabp context and returns to the client a
valid policy_handle and expected reply parameters.
\param dce_call pointer to the session context
\param mem_ctx pointer to the memory context
\param r pointer to the NspiBind call structure
\return MAPI_E_SUCCESS on success, otherwise a MAPI error
*/
static void dcesrv_NspiBind(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct NspiBind *r)
{
struct GUID *guid = (struct GUID *) NULL;
struct emsabp_context *emsabp_ctx;
struct dcesrv_handle *handle;
struct policy_handle wire_handle;
struct exchange_nsp_session *session;
DEBUG(5, ("exchange_nsp: NspiBind (0x0)\n"));
/* Step 0. Ensure incoming user is authenticated */
if (!dcesrv_call_authenticated(dce_call) && (r->in.dwFlags & fAnonymousLogin)) {
DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
wire_handle.handle_type = EXCHANGE_HANDLE_NSP;
wire_handle.uuid = GUID_zero();
*r->out.handle = wire_handle;
r->out.mapiuid = r->in.mapiuid;
DCESRV_NSP_RETURN(r, MAPI_E_FAILONEPROVIDER, NULL);
}
/* Step 1. Initialize the emsabp context */
emsabp_ctx = emsabp_init(dce_call->conn->dce_ctx->lp_ctx, emsabp_tdb_ctx);
if (!emsabp_ctx) {
OC_ABORT(false, ("[exchange_nsp] Unable to initialize emsabp context"));
wire_handle.handle_type = EXCHANGE_HANDLE_NSP;
wire_handle.uuid = GUID_zero();
*r->out.handle = wire_handle;
r->out.mapiuid = r->in.mapiuid;
DCESRV_NSP_RETURN(r, MAPI_E_FAILONEPROVIDER, NULL);
}
if (lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
"exchange_nsp", "debug", false)) {
emsabp_enable_debug(emsabp_ctx);
}
/* Step 2. Check if incoming user belongs to the Exchange organization */
if ((emsabp_verify_user(dce_call, emsabp_ctx) == false) && (r->in.dwFlags & fAnonymousLogin)) {
talloc_free(emsabp_ctx);
wire_handle.handle_type = EXCHANGE_HANDLE_NSP;
wire_handle.uuid = GUID_zero();
*r->out.handle = wire_handle;
r->out.mapiuid = r->in.mapiuid;
DCESRV_NSP_RETURN(r, MAPI_E_LOGON_FAILED, emsabp_tdb_ctx);
}
/* Step 3. Check if valid cpID has been supplied */
if (emsabp_verify_codepage(emsabp_ctx, r->in.pStat->CodePage) == false) {
talloc_free(emsabp_ctx);
wire_handle.handle_type = EXCHANGE_HANDLE_NSP;
wire_handle.uuid = GUID_zero();
*r->out.handle = wire_handle;
r->out.mapiuid = r->in.mapiuid;
DCESRV_NSP_RETURN(r, MAPI_E_UNKNOWN_CPID, emsabp_tdb_ctx);
}
/* Step 4. Retrieve OpenChange server GUID */
guid = (struct GUID *) samdb_ntds_objectGUID(emsabp_ctx->samdb_ctx);
if (!guid) {
DCESRV_NSP_RETURN(r, MAPI_E_FAILONEPROVIDER, emsabp_ctx);
}
/* Step 5. Fill NspiBind reply */
handle = dcesrv_handle_new(dce_call->context, EXCHANGE_HANDLE_NSP);
if (!handle) {
DCESRV_NSP_RETURN(r, MAPI_E_NOT_ENOUGH_RESOURCES, emsabp_ctx);
}
handle->data = (void *) emsabp_ctx;
*r->out.handle = handle->wire_handle;
r->out.mapiuid = guid;
/* Search for an existing session and increment ref_count, otherwise create it */
session = dcesrv_find_nsp_session(&handle->wire_handle.uuid);
if (session) {
mpm_session_increment_ref_count(session->session);
DEBUG(5, (" [unexpected]: existing nsp_session: %p; session: %p (ref++)\n", session, session->session));
}
else {
DEBUG(5, ("%s: Creating new session\n", __func__));
/* Step 6. Associate this emsabp context to the session */
session = talloc((TALLOC_CTX *)nsp_session, struct exchange_nsp_session);
if (!session) {
DCESRV_NSP_RETURN(r, MAPI_E_NOT_ENOUGH_RESOURCES, emsabp_ctx);
}
session->session = mpm_session_init((TALLOC_CTX *)nsp_session, dce_call);
if (!session->session) {
DCESRV_NSP_RETURN(r, MAPI_E_NOT_ENOUGH_RESOURCES, emsabp_ctx);
}
session->uuid = handle->wire_handle.uuid;
mpm_session_set_private_data(session->session, (void *) emsabp_ctx);
mpm_session_set_destructor(session->session, emsabp_destructor);
DLIST_ADD_END(nsp_session, session, struct exchange_nsp_session *);
}
DCESRV_NSP_RETURN(r, MAPI_E_SUCCESS, NULL);
}
static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx,
struct dssync_context *ctx,
const char *dn,
struct replUpToDateVectorBlob *utdv,
uint32_t *plevel,
union drsuapi_DsGetNCChangesRequest *preq)
{
NTSTATUS status;
uint32_t count;
uint32_t level;
union drsuapi_DsGetNCChangesRequest req;
struct dom_sid null_sid;
enum drsuapi_DsExtendedOperation extended_op;
struct drsuapi_DsReplicaObjectIdentifier *nc = NULL;
struct drsuapi_DsReplicaCursorCtrEx *cursors = NULL;
uint32_t replica_flags = DRSUAPI_DRS_WRIT_REP |
DRSUAPI_DRS_INIT_SYNC |
DRSUAPI_DRS_PER_SYNC |
DRSUAPI_DRS_GET_ANC |
DRSUAPI_DRS_NEVER_SYNCED;
ZERO_STRUCT(null_sid);
ZERO_STRUCT(req);
if (ctx->remote_info28.supported_extensions
& DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8)
{
level = 8;
} else {
level = 5;
}
nc = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
if (!nc) {
status = NT_STATUS_NO_MEMORY;
goto fail;
}
nc->dn = dn;
nc->guid = GUID_zero();
nc->sid = null_sid;
if (!ctx->single_object_replication &&
!ctx->force_full_replication && utdv)
{
cursors = talloc_zero(mem_ctx,
struct drsuapi_DsReplicaCursorCtrEx);
if (!cursors) {
status = NT_STATUS_NO_MEMORY;
goto fail;
}
switch (utdv->version) {
case 1:
cursors->count = utdv->ctr.ctr1.count;
cursors->cursors = utdv->ctr.ctr1.cursors;
break;
case 2:
cursors->count = utdv->ctr.ctr2.count;
cursors->cursors = talloc_array(cursors,
struct drsuapi_DsReplicaCursor,
cursors->count);
if (!cursors->cursors) {
status = NT_STATUS_NO_MEMORY;
goto fail;
}
for (count = 0; count < cursors->count; count++) {
cursors->cursors[count].source_dsa_invocation_id =
utdv->ctr.ctr2.cursors[count].source_dsa_invocation_id;
cursors->cursors[count].highest_usn =
utdv->ctr.ctr2.cursors[count].highest_usn;
}
break;
}
}
static NTSTATUS libnet_dssync_bind(TALLOC_CTX *mem_ctx,
struct dssync_context *ctx)
{
NTSTATUS status;
WERROR werr;
struct GUID bind_guid;
struct drsuapi_DsBindInfoCtr bind_info;
struct drsuapi_DsBindInfo28 info28;
struct dcerpc_binding_handle *b = ctx->cli->binding_handle;
ZERO_STRUCT(info28);
GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
info28.site_guid = GUID_zero();
info28.pid = 508;
info28.repl_epoch = 0;
bind_info.length = 28;
bind_info.info.info28 = info28;
status = dcerpc_drsuapi_DsBind(b, mem_ctx,
&bind_guid,
&bind_info,
&ctx->bind_handle,
&werr);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!W_ERROR_IS_OK(werr)) {
return werror_to_ntstatus(werr);
}
ZERO_STRUCT(ctx->remote_info28);
switch (bind_info.length) {
case 24: {
struct drsuapi_DsBindInfo24 *info24;
info24 = &bind_info.info.info24;
ctx->remote_info28.site_guid = info24->site_guid;
ctx->remote_info28.supported_extensions = info24->supported_extensions;
ctx->remote_info28.pid = info24->pid;
ctx->remote_info28.repl_epoch = 0;
break;
}
case 28: {
ctx->remote_info28 = bind_info.info.info28;
break;
}
case 32: {
struct drsuapi_DsBindInfo32 *info32;
info32 = &bind_info.info.info32;
ctx->remote_info28.site_guid = info32->site_guid;
ctx->remote_info28.supported_extensions = info32->supported_extensions;
ctx->remote_info28.pid = info32->pid;
ctx->remote_info28.repl_epoch = info32->repl_epoch;
break;
}
case 48: {
struct drsuapi_DsBindInfo48 *info48;
info48 = &bind_info.info.info48;
ctx->remote_info28.site_guid = info48->site_guid;
ctx->remote_info28.supported_extensions = info48->supported_extensions;
ctx->remote_info28.pid = info48->pid;
ctx->remote_info28.repl_epoch = info48->repl_epoch;
break;
}
case 52: {
struct drsuapi_DsBindInfo52 *info52;
info52 = &bind_info.info.info52;
ctx->remote_info28.site_guid = info52->site_guid;
ctx->remote_info28.supported_extensions = info52->supported_extensions;
ctx->remote_info28.pid = info52->pid;
ctx->remote_info28.repl_epoch = info52->repl_epoch;
break;
}
default:
DEBUG(1, ("Warning: invalid info length in bind info: %d\n",
bind_info.length));
break;
}
return status;
}
static WERROR cmd_drsuapi_getncchanges(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS status;
WERROR werr;
struct policy_handle bind_handle;
struct dcerpc_binding_handle *b = cli->binding_handle;
struct GUID bind_guid;
struct drsuapi_DsBindInfoCtr bind_info;
struct drsuapi_DsBindInfo28 info28;
const char *nc_dn = NULL;
DATA_BLOB session_key;
uint32_t level = 8;
bool single = false;
uint32_t level_out = 0;
union drsuapi_DsGetNCChangesRequest req;
union drsuapi_DsGetNCChangesCtr ctr;
struct drsuapi_DsReplicaObjectIdentifier nc;
struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
uint32_t out_level = 0;
int y;
uint32_t supported_extensions = 0;
uint32_t replica_flags = DRSUAPI_DRS_WRIT_REP |
DRSUAPI_DRS_INIT_SYNC |
DRSUAPI_DRS_PER_SYNC |
DRSUAPI_DRS_GET_ANC |
DRSUAPI_DRS_NEVER_SYNCED;
if (argc > 3) {
printf("usage: %s [naming_context_or_object_dn [single]]\n", argv[0]);
return WERR_OK;
}
if (argc >= 2) {
nc_dn = argv[1];
}
if (argc == 3) {
if (strequal(argv[2], "single")) {
single = true;
} else {
printf("warning: ignoring unknown argument '%s'\n",
argv[2]);
}
}
ZERO_STRUCT(info28);
ZERO_STRUCT(req);
GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
info28.site_guid = GUID_zero();
info28.pid = 0;
info28.repl_epoch = 0;
bind_info.length = 28;
bind_info.info.info28 = info28;
status = dcerpc_drsuapi_DsBind(b, mem_ctx,
&bind_guid,
&bind_info,
&bind_handle,
&werr);
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
}
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
if (bind_info.length == 24) {
supported_extensions = bind_info.info.info24.supported_extensions;
} else if (bind_info.length == 28) {
supported_extensions = bind_info.info.info28.supported_extensions;
} else if (bind_info.length == 32) {
supported_extensions = bind_info.info.info32.supported_extensions;
} else if (bind_info.length == 48) {
supported_extensions = bind_info.info.info48.supported_extensions;
} else if (bind_info.length == 52) {
supported_extensions = bind_info.info.info52.supported_extensions;
}
if (!nc_dn) {
union drsuapi_DsNameCtr crack_ctr;
const char *name;
name = talloc_asprintf(mem_ctx, "%s\\", lp_workgroup());
W_ERROR_HAVE_NO_MEMORY(name);
werr = cracknames(cli, mem_ctx,
&bind_handle,
DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
1,
&name,
&crack_ctr);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
if (crack_ctr.ctr1->count != 1) {
return WERR_NO_SUCH_DOMAIN;
}
if (crack_ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
return WERR_NO_SUCH_DOMAIN;
}
nc_dn = talloc_strdup(mem_ctx, crack_ctr.ctr1->array[0].result_name);
W_ERROR_HAVE_NO_MEMORY(nc_dn);
printf("using: %s\n", nc_dn);
}
nc.dn = nc_dn;
nc.guid = GUID_zero();
nc.sid = (struct dom_sid) {0};
if (supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
level = 8;
req.req8.naming_context = &nc;
req.req8.replica_flags = replica_flags;
req.req8.max_object_count = 402;
req.req8.max_ndr_size = 402116;
if (single) {
req.req8.extended_op = DRSUAPI_EXOP_REPL_OBJ;
}
} else {
level = 5;
req.req5.naming_context = &nc;
req.req5.replica_flags = replica_flags;
req.req5.max_object_count = 402;
req.req5.max_ndr_size = 402116;
if (single) {
req.req5.extended_op = DRSUAPI_EXOP_REPL_OBJ;
}
}
for (y=0; ;y++) {
if (level == 8) {
DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
(long long)req.req8.highwatermark.tmp_highest_usn,
(long long)req.req8.highwatermark.highest_usn));
}
status = dcerpc_drsuapi_DsGetNCChanges(b, mem_ctx,
&bind_handle,
level,
&req,
&level_out,
&ctr,
&werr);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
printf("Failed to get NC Changes: %s",
get_friendly_nt_error_msg(status));
goto out;
}
if (!W_ERROR_IS_OK(werr)) {
printf("Failed to get NC Changes: %s",
get_friendly_werror_msg(werr));
goto out;
}
if (level_out == 1) {
out_level = 1;
ctr1 = &ctr.ctr1;
} else if (level_out == 2 && ctr.ctr2.mszip1.ts) {
out_level = 1;
ctr1 = &ctr.ctr2.mszip1.ts->ctr1;
}
status = cli_get_session_key(mem_ctx, cli, &session_key);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to get Session Key: %s",
nt_errstr(status));
return ntstatus_to_werror(status);
}
if (out_level == 1) {
DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
(long long)ctr1->new_highwatermark.tmp_highest_usn,
(long long)ctr1->new_highwatermark.highest_usn));
#if 0
libnet_dssync_decrypt_attributes(mem_ctx,
&session_key,
ctr1->first_object);
#endif
if (ctr1->more_data) {
req.req5.highwatermark = ctr1->new_highwatermark;
continue;
}
}
if (level_out == 6) {
out_level = 6;
ctr6 = &ctr.ctr6;
} else if (level_out == 7
&& ctr.ctr7.level == 6
&& ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP
&& ctr.ctr7.ctr.mszip6.ts) {
out_level = 6;
ctr6 = &ctr.ctr7.ctr.mszip6.ts->ctr6;
} else if (level_out == 7
&& ctr.ctr7.level == 6
&& ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_XPRESS
&& ctr.ctr7.ctr.xpress6.ts) {
out_level = 6;
ctr6 = &ctr.ctr7.ctr.xpress6.ts->ctr6;
}
if (out_level == 6) {
DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
(long long)ctr6->new_highwatermark.tmp_highest_usn,
(long long)ctr6->new_highwatermark.highest_usn));
#if 0
libnet_dssync_decrypt_attributes(mem_ctx,
&session_key,
ctr6->first_object);
#endif
if (ctr6->more_data) {
req.req8.highwatermark = ctr6->new_highwatermark;
continue;
}
}
break;
}
out:
return werr;
}
/* List of commands exported by this module */
struct cmd_set drsuapi_commands[] = {
{ "DRSUAPI" },
{ "dscracknames", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_cracknames, &ndr_table_drsuapi, NULL, "Crack Name", "" },
{ "dsgetdcinfo", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_getdcinfo, &ndr_table_drsuapi, NULL, "Get Domain Controller Info", "" },
{ "dsgetncchanges", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_getncchanges, &ndr_table_drsuapi, NULL, "Get NC Changes", "" },
{ "dswriteaccountspn", RPC_RTYPE_WERROR, NULL, cmd_drsuapi_writeaccountspn, &ndr_table_drsuapi, NULL, "Write Account SPN", "" },
{ NULL }
};
static WERROR cmd_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
WERROR result;
NTSTATUS status;
uint32_t flags = DS_RETURN_DNS_NAME;
const char *server_name = cli->desthost;
const char *domain_name = NULL;
const char *client_account = NULL;
uint32_t mask = 0;
const char *site_name = NULL;
struct GUID domain_guid = GUID_zero();
struct netr_DsRGetDCNameInfo *info = NULL;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 2) {
fprintf(stderr, "Usage: %s [client_account] [acb_mask] "
"[domain_name] [domain_guid] [site_name] "
"[flags]\n", argv[0]);
return WERR_OK;
}
if (argc >= 2) {
client_account = argv[1];
}
if (argc >= 3) {
mask = atoi(argv[2]);
}
if (argc >= 4) {
domain_name = argv[3];
}
if (argc >= 5) {
if (!NT_STATUS_IS_OK(GUID_from_string(argv[4], &domain_guid))) {
return WERR_NOT_ENOUGH_MEMORY;
}
}
if (argc >= 6) {
site_name = argv[5];
}
if (argc >= 7) {
sscanf(argv[6], "%x", &flags);
}
status = dcerpc_netr_DsRGetDCNameEx2(b, mem_ctx,
server_name,
client_account,
mask,
domain_name,
&domain_guid,
site_name,
flags,
&info,
&result);
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
}
if (!W_ERROR_IS_OK(result)) {
return result;
}
d_printf("DsRGetDCNameEx2 gave %s\n",
NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
return result;
}
static WERROR cmd_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
NTSTATUS result;
WERROR werr = WERR_OK;
uint32_t flags = DS_RETURN_DNS_NAME;
const char *server_name = cli->desthost;
const char *domain_name;
struct GUID domain_guid = GUID_zero();
struct GUID site_guid = GUID_zero();
struct netr_DsRGetDCNameInfo *info = NULL;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc < 2) {
fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
"[site_guid] [flags]\n", argv[0]);
return WERR_OK;
}
if (argc >= 2)
domain_name = argv[1];
if (argc >= 3) {
if (!NT_STATUS_IS_OK(GUID_from_string(argv[2], &domain_guid))) {
return WERR_NOT_ENOUGH_MEMORY;
}
}
if (argc >= 4) {
if (!NT_STATUS_IS_OK(GUID_from_string(argv[3], &site_guid))) {
return WERR_NOT_ENOUGH_MEMORY;
}
}
if (argc >= 5)
sscanf(argv[4], "%x", &flags);
result = dcerpc_netr_DsRGetDCName(b, mem_ctx,
server_name,
domain_name,
&domain_guid,
&site_guid,
flags,
&info,
&werr);
if (!NT_STATUS_IS_OK(result)) {
return ntstatus_to_werror(result);
}
if (W_ERROR_IS_OK(werr)) {
d_printf("DsGetDcName gave: %s\n",
NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
return WERR_OK;
}
printf("rpccli_netlogon_dsr_getdcname returned %s\n",
win_errstr(werr));
return werr;
}
/*
get metadata version 2 info for a specified object DN
*/
static WERROR kccdrs_replica_get_info_obj_metadata2(TALLOC_CTX *mem_ctx,
struct ldb_context *samdb,
struct drsuapi_DsReplicaGetInfo *r,
union drsuapi_DsReplicaInfo *reply,
struct ldb_dn *dn,
uint32_t base_index)
{
WERROR status;
struct replPropertyMetaDataBlob omd_ctr;
struct replPropertyMetaData1 *attr;
struct drsuapi_DsReplicaObjMetaData2Ctr *metadata2;
const struct dsdb_schema *schema;
uint32_t i, j;
DEBUG(0, ("kccdrs_replica_get_info_obj_metadata2() called\n"));
if (!dn) {
return WERR_INVALID_PARAMETER;
}
if (!ldb_dn_validate(dn)) {
return WERR_DS_DRA_BAD_DN;
}
status = get_repl_prop_metadata_ctr(mem_ctx, samdb, dn, &omd_ctr);
W_ERROR_NOT_OK_RETURN(status);
schema = dsdb_get_schema(samdb, reply);
if (!schema) {
DEBUG(0,(__location__": Failed to get the schema\n"));
return WERR_INTERNAL_ERROR;
}
reply->objmetadata2 = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjMetaData2Ctr);
W_ERROR_HAVE_NO_MEMORY(reply->objmetadata2);
metadata2 = reply->objmetadata2;
metadata2->enumeration_context = 0;
/* For each replicated attribute of the object */
for (i = 0, j = 0; i < omd_ctr.ctr.ctr1.count; i++) {
const struct dsdb_attribute *schema_attr;
uint32_t attr_version;
NTTIME attr_change_time;
uint32_t attr_originating_usn;
/*
attr := attrsSeq[i]
s := AttrStamp(object, attr)
*/
/* get a reference to the attribute on 'omd_ctr' */
attr = &omd_ctr.ctr.ctr1.array[j];
schema_attr = dsdb_attribute_by_attributeID_id(schema, attr->attid);
DEBUG(0, ("attribute_id = %d, attribute_name: %s\n", attr->attid, schema_attr->lDAPDisplayName));
/*
if (attr in Link Attributes of object and
dwInVersion = 2 and DS_REPL_INFO_FLAG_IMPROVE_LINKED_ATTRS in msgIn.ulFlags)
*/
if (schema_attr &&
schema_attr->linkID != 0 && /* Checks if attribute is a linked attribute */
(schema_attr->linkID % 2) == 0 && /* is it a forward link? only forward links have the LinkValueStamp */
r->in.level == 2 &&
(r->in.req->req2.flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE)) /* on MS-DRSR it is DS_REPL_INFO_FLAG_IMPROVE_LINKED_ATTRS */
{
/*
ls := LinkValueStamp of the most recent
value change in object!attr
*/
status = get_linked_attribute_value_stamp(mem_ctx, samdb, dn, schema_attr->lDAPDisplayName,
&attr_version, &attr_change_time, &attr_originating_usn);
W_ERROR_NOT_OK_RETURN(status);
/*
Aligning to MS-DRSR 4.1.13.3:
's' on the doc is 'attr->originating_change_time' here
'ls' on the doc is 'attr_change_time' here
*/
/* if (ls is more recent than s (based on order in which the change was applied on server)) then */
if (attr_change_time > attr->originating_change_time) {
/*
Improve the stamp with the link value stamp.
s.dwVersion := ls.dwVersion
s.timeChanged := ls.timeChanged
s.uuidOriginating := NULLGUID
s.usnOriginating := ls.usnOriginating
*/
attr->version = attr_version;
attr->originating_change_time = attr_change_time;
attr->originating_invocation_id = GUID_zero();
attr->originating_usn = attr_originating_usn;
}
}
if (i < base_index) {
continue;
}
metadata2->array = talloc_realloc(mem_ctx, metadata2->array,
struct drsuapi_DsReplicaObjMetaData2, j + 1);
W_ERROR_HAVE_NO_MEMORY(metadata2->array);
metadata2->array[j].attribute_name = schema_attr->lDAPDisplayName;
metadata2->array[j].local_usn = attr->local_usn;
metadata2->array[j].originating_change_time = attr->originating_change_time;
metadata2->array[j].originating_invocation_id = attr->originating_invocation_id;
metadata2->array[j].originating_usn = attr->originating_usn;
metadata2->array[j].version = attr->version;
/*
originating_dsa_dn := GetDNFromInvocationID(originating_invocation_id)
GetDNFromInvocationID() should return the DN of the nTDSDSAobject that has the specified invocation ID
See MS-DRSR 4.1.13.3 and 4.1.13.2.1
*/
status = get_dn_from_invocation_id(mem_ctx, samdb,
&attr->originating_invocation_id,
&metadata2->array[j].originating_dsa_dn);
W_ERROR_NOT_OK_RETURN(status);
j++;
metadata2->count = j;
}
return WERR_OK;
}
/**
* durable reconnect test:
* connect with v2, reconnect with v1
*/
bool test_durable_v2_open_reopen2b(struct torture_context *tctx,
struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h;
struct smb2_handle *h = NULL;
struct smb2_create io;
struct GUID create_guid = GUID_random();
bool ret = true;
struct smbcli_options options;
options = tree->session->transport->options;
/* Choose a random name in case the state is left a little funky. */
snprintf(fname, 256, "durable_v2_open_reopen2b_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io.in.durable_open = false;
io.in.durable_open_v2 = true;
io.in.persistent_open = false;
io.in.create_guid = create_guid;
io.in.timeout = UINT32_MAX;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, true);
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.timeout, io.in.timeout);
/* disconnect, leaving the durable open */
TALLOC_FREE(tree);
if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
torture_warning(tctx, "couldn't reconnect, bailing\n");
ret = false;
goto done;
}
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle_v2 = h; /* durable v2 reconnect */
io.in.create_guid = GUID_zero(); /* but zero create GUID */
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle = h; /* durable v1 (!) reconnect */
h = NULL;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
_h = io.out.file.handle;
h = &_h;
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
